Sunday 24 March 2019

Metasploit Basics, Part 4

Metasploit Basics, Part 4: Connecting and Using the PostgreSQL Database with Metasploit


Welcome back, my aspiring pentesters/hackers!

In this series, we are exploring the power and features of the world's most popular and powerful exploitation framework, Metasploit.


In this tutorial, we will be examining how to connect the PostgreSQL database to Metasploit. In this way, we can speed up our Metasploit module searches and save our results from port and vulnerability scanning and other reconnaissance for later use in exploitation.

Step #1 Start the PostgreSQL Database

The first step is to start the PostgreSQL database. We do this by typing service, followed by the name of the service (postgresql) and the action (start).


kali > service postgresql start


Step #2 Fire Up Kali

I will be using Kali Linux that comes with Metasploit built-in, but you can use Metasploit in nearly any operating system.

The first step is to fire up Kali and start Metasploit by typing:

kali > msfconsole


Note that the latest version of Metasploit is 4.14.5 and it now has over 1600 exploits!



Step #3 Initialize the Database

The next step is to initialize the database from the msfconsole prompt.

msf > msfdb init


As you can see above, it creates the database "msf" and "msf_test" and the initial database schema.

Step #4 Enter the PostgreSQL Database

Next, we need to switch to the PostgreSQL system account (postgres) and do a bit of housekeeping.

msf > su postgres


Once we are working as the postgres user, we need to create a database user and a database. In this case, we will create a user named msf_user with the password hackersarise.

postgres@kali > createuser msf_user -P

createuser will prompt you for the new user's password twice.


Next, we create a database named msf_database and designate msf_user as the owner of the database.

postgres@kali > createdb --owner=msf_user msf_database

And then return to the Metasploit console by entering "exit".

postgres@kali > exit

Now, at the msf> prompt, we need to connect to the database using the db_connect command with our username, password, the IP of the database and the name of the database.

msf> db_connect msf_user:hackersarise@127.0.0.1/msf_database


Now, when we type db_status, we can see that we are connected to the database msf_database.

msf > db_status
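
The db_connect line in Step #4 puts the database password on the command line, where it can end up in console history. As an added example (not part of the original tutorial), the function below writes the same connection settings to a database.yml with owner-only permissions; the function name write_msf_db_config, the MSF_DB_PASS environment variable and the file location are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Writes a database.yml for the
# msf_user / msf_database pair from Step #4 with owner-only permissions.
# Hypothetical names: write_msf_db_config, MSF_DB_PASS.

# write_msf_db_config FILE USER DB [HOST] [PORT]
# The body runs in a subshell "( ... )", so umask and variables stay local
# and "exit" only sets the function's return status.
write_msf_db_config() (
    file=$1; user=$2; db=$3; host=${4:-127.0.0.1}; port=${5:-5432}

    if [ -z "$file" ] || [ -z "$user" ] || [ -z "$db" ]; then
        echo "usage: write_msf_db_config FILE USER DB [HOST] [PORT]" >&2
        exit 2
    fi
    if [ -z "${MSF_DB_PASS:-}" ]; then
        echo "MSF_DB_PASS is not set" >&2
        exit 1
    fi
    # Allow only characters that cannot change the YAML structure.
    case "$user$db$host$port" in
        *[!A-Za-z0-9_.-]*)
            echo "unexpected character in user, db, host or port" >&2
            exit 1 ;;
    esac

    # Create (or truncate) the file and lock it down before the secret lands.
    umask 077
    : > "$file" || exit 1
    chmod 600 "$file" || exit 1

    # YAML single-quoted scalar: a literal ' is written as ''.
    pw=$(printf '%s' "$MSF_DB_PASS" | sed "s/'/''/g")

    cat > "$file" <<EOF
production:
  adapter: postgresql
  database: $db
  username: $user
  password: '$pw'
  host: $host
  port: $port
  pool: 5
  timeout: 5
EOF
)
```

Inside msfconsole, db_connect -y followed by the path to this file loads the settings instead of taking the password as an argument.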

Step #5 Workspace

To view the workspace in Metasploit, we can simply enter the command workspace.

msf > workspace

Metasploit will respond with a list of workspaces with an asterisk (*) or star after the default workspace.


We can add a new workspace by using the workspace command followed by the option -a and then the name of the new workspace. Generally, I use a new workspace for each penetration job I work on to keep my data separate and organized.

msf > workspace -a hackersarise

Note also that we can switch workspaces by simply using the workspace command followed by the name of the workspace.

Step #6 Database Commands

To see all the commands we can use with the database connected to Metasploit, we can simply ask Metasploit for help and scroll down the page until we find the database commands.


msf > help



One of the beauties of having a database connected to Metasploit is the ability to save our results in the database for later use. For instance, let's use the db_nmap command to scan all the machines on our local network.

msf > db_nmap 192.168.181.0/24


After nmap has completed its work, it saves the IP addresses and info into the connected database. We can view those with the hosts command.

msf > hosts



Step #7 Export the Database

Finally, we can export the data in our database to a file. We simply need to use the db_export command followed by the -f option, the file type (xml) and then the location of the file.

msf > db_export -f xml /root/hackersarise.xml


Now that we have the database connected to Metasploit, it will save us minutes and hours by enabling us to save our results for later use and speed up our searches in Metasploit.















